add support for secure cookies
This commit is contained in:
parent
84020830ca
commit
ab1409e108
3 changed files with 23 additions and 12 deletions
|
@ -28,7 +28,7 @@ class Session
|
|||
$params['lifetime'],
|
||||
$params['path'].'; SameSite=Strict',
|
||||
$params['domain'],
|
||||
$params['secure'],
|
||||
isSecure(),
|
||||
$params['httponly']
|
||||
);
|
||||
}
|
||||
|
@ -39,6 +39,7 @@ class Session
|
|||
'cookie_httponly' => true,
|
||||
'gc_probability' => 25,
|
||||
'cookie_samesite' => 'Strict', // works only for php >= 7.3
|
||||
'cookie_secure' => isSecure(),
|
||||
]);
|
||||
|
||||
if (!$started) {
|
||||
|
|
|
@ -528,7 +528,7 @@ if (!function_exists('must_be_escaped')) {
|
|||
{
|
||||
$mimes = [
|
||||
'text/htm',
|
||||
'image/svg'
|
||||
'image/svg',
|
||||
];
|
||||
|
||||
foreach ($mimes as $m) {
|
||||
|
@ -540,3 +540,13 @@ if (!function_exists('must_be_escaped')) {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!function_exists('isSecure')) {
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
function isSecure(): bool
|
||||
{
|
||||
return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] === 443;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,25 +10,25 @@ use App\Web\Session;
|
|||
use App\Web\View;
|
||||
use DI\Bridge\Slim\Bridge;
|
||||
use DI\ContainerBuilder;
|
||||
use function DI\factory;
|
||||
use function DI\get;
|
||||
use Psr\Container\ContainerInterface as Container;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
|
||||
use function DI\factory;
|
||||
use function DI\get;
|
||||
|
||||
if (!file_exists(CONFIG_FILE) && is_dir(BASE_DIR.'install/')) {
|
||||
header('Location: ./install/');
|
||||
exit();
|
||||
} else {
|
||||
}
|
||||
|
||||
if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
|
||||
exit('Cannot find the config file.');
|
||||
}
|
||||
}
|
||||
|
||||
// Load the config
|
||||
$config = array_replace_recursive([
|
||||
'app_name' => 'XBackBone',
|
||||
'base_url' => isset($_SERVER['HTTPS']) ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
|
||||
'base_url' => isSecure() ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
|
||||
'debug' => false,
|
||||
'maintenance' => false,
|
||||
'db' => [
|
||||
|
|
Loading…
Reference in a new issue